Lucene search

1477 matches found

Cvelist
added 2020/03/10 7:55 p.m., 19 views

CVE-2020-0033

In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0...

AI score: 8 | EPSS: 0.00199
Exploits: 0 | References: 1
Pen Test Partners Blog
added 2020/02/25 8:45 a.m., 62 views

Hardcoding Keys. Is that Wyse?

A couple of years ago, we were testing a large system of around 3000 Wyse terminals, all operating unattended. To configure themselves, they download a configuration file called wlx.ini from a webserver. This file contained a few fields that seemed interesting - ChangeRootPassword and...

AI score: 6.8
Exploits: 0
CNVD
added 2020/02/25 12:00 a.m., 2 views

Moxa AWK-3131A ServiceAgent Trust Management Issue Vulnerability

Moxa AWK-3131A is a wireless access device from Moxa. A trust management issue vulnerability exists in the ServiceAgent binary in the Moxa AWK-3131A using firmware version 1.13. An attacker could exploit this vulnerability to decrypt captured traffic...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.02304
Exploits: 1 | References: 1
NVD
added 2020/02/07 4:15 p.m., 17 views

CVE-2019-18988

TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the...

CVSS: 7 | AI score: 7.1 | EPSS: 0.04746
Exploits: 2 | References: 5
Cvelist
added 2020/02/07 3:09 p.m., 20 views

CVE-2019-18988

TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the...

AI score: 6.8 | EPSS: 0.04746
Exploits: 2 | References: 4
IBM Security Bulletins
added 2020/02/05 12:53 a.m., 18 views

Security Bulletin: Weak Cryptographic Algorithm Vulnerability Affects IBM Sterling B2B Integrator (CVE-2018-1720)

Summary: IBM Sterling B2B Integrator Standard Edition has addressed the weak cryptographic algorithm vulnerability. Vulnerability Details: CVEID: CVE-2018-1720. DESCRIPTION: IBM Sterling B2B Integrator Standard Edition uses weaker than expected cryptographic algorithms that could allow an attacker t...

CVSS: 7.5 | AI score: 1.4 | EPSS: 0.00966
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2020/02/05 12:09 a.m., 25 views

Security Bulletin: IBM Java Quarterly CPU - Jan 2014 affecting Rational Application Developer (CVE-2014-0411)

Summary: Timing differences based on validity of TLS messages can be exploited to decrypt the entire session...

CVSS: 4 | AI score: 0.5 | EPSS: 0.02414
Exploits: 0 | Affected Software: 2
OSV
added 2020/01/28 7:15 p.m., 3 views

CVE-2019-4639

IBM Security Secret Server 10.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 170045...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00792
Exploits: 0 | References: 2
Tenable Nessus
added 2020/01/21 12:00 a.m., 43 views

Amazon Linux 2 : nss (ALAS-2020-1384)

The version of nss installed on the remote host is prior to 3.44.0-7. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1384 advisory. A heap-based buffer overflow was found in the NSCEncryptUpdate function in Mozilla nss. A remote attacker could trigger this...

CVSS: 8.8 | AI score: 8 | EPSS: 0.02994
Exploits: 0 | References: 5
NVD
added 2020/01/13 7:15 p.m., 16 views

CVE-2012-4767

An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the securitylayer.log file in the logs.9972 directory, which could let a malicious user decrypt and potentially change the Safend security policies applied to the machine...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00484
Exploits: 1 | References: 3
Cvelist
added 2020/01/13 6:57 p.m., 24 views

CVE-2012-4767

An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the securitylayer.log file in the logs.9972 directory, which could let a malicious user decrypt and potentially change the Safend security policies applied to the machine...

AI score: 6.2 | EPSS: 0.00484
Exploits: 1 | References: 3
Tenable Nessus
added 2020/01/09 12:00 a.m., 41 views

Amazon Linux 2 : nss-softokn (ALAS-2020-1379)

The version of nss-softokn installed on the remote host is prior to 3.44.0-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1379 advisory. Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized befor...

CVSS: 8.8 | AI score: 8 | EPSS: 0.02994
Exploits: 0 | References: 5
OSV
added 2019/12/12 2:15 p.m., 3 views

CVE-2019-17428

An issue was discovered in Intesync Solismed 3.3sp1. A flaw in the encryption implementation exists, allowing for all encrypted data stored within the database to be decrypted...

CVSS: 5.9 | AI score: 6.2 | EPSS: 0.0065
Exploits: 1 | References: 3
Prion
added 2019/12/03 2:15 p.m., 11 views

Code injection

SaltStack RSA Key Generation allows remote users to decrypt communications...

CVSS: 4.3 | AI score: 7.1 | EPSS: 0.01945
Exploits: 0 | References: 7 | Affected Software: 1
Cvelist
added 2019/12/03 1:55 p.m., 28 views

CVE-2013-2228

SaltStack RSA Key Generation allows remote users to decrypt communications...

AI score: 8.1 | EPSS: 0.01945
Exploits: 0 | References: 7
OSV
added 2019/11/21 3:15 p.m., 1 view

CVE-2018-9195

Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient sent and...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.01766
Exploits: 2 | References: 1
ATTACKERKB
added 2019/11/21 3:15 p.m., 5 views

CVE-2018-9195

Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0.; URL rating in FortiClient sent and...

CVSS: 5.9 | AI score: 5.5 | EPSS: 0.01766
Exploits: 2 | References: 2
OSV
added 2019/11/14 9:15 p.m., 3 views

CVE-2019-15802

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in salutilstrencrypt in libsal.so.0.0. The parameters salt, IV, and key data are used to encrypt and decrypt all passwords using AES256...

CVSS: 5.9 | AI score: 6.2 | EPSS: 0.015
Exploits: 1 | References: 2
OSV
added 2019/11/13 6:15 p.m., 4 views

CVE-2019-2202

In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9...

CVSS: 7.8 | AI score: 6.2 | EPSS: 0.00173
Exploits: 0 | References: 1
NVD
added 2019/11/13 6:15 p.m., 17 views

CVE-2019-2203

In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8...

CVSS: 7.8 | AI score: 8 | EPSS: 0.00173
Exploits: 0 | References: 1